The bug, CVE-2021-44228, affects a Java logging package called log4j. It was revealed Thursday by Lunasec and on Friday by Huntress Labs, and is already being exploited, according to an alert from ...

Java’s always had potential security holes but overall it has a pretty good record. Most holes show up as did the Log4j 2 bug — in libraries that didn’t anticipate how bad actors could use specific ...

However, to use Log4j version 2.15.0 or later, you need to upgrade the execution environment to Java 8. -Apply 'Restrict access from JNDI to LDAP server ' merged with Log4j on GitHub.

Log4j zero-day flaw: What you need to know and how to protect yourself Security warning: New zero-day in the Log4j Java library is already being exploited ...

There’s an enormous amount of software vulnerable to the Log4j bug through Java software supply chains — and administrators and security pros likely don’t even know where to look for it.

The most current versions are Log4j v.2.17.0, if you are running Java 8 or later, and Log4j v.2.12.2, if you are running Java 7 across your web app infrastructure.

The flaw and a proof-of-concept exploit was publicly released on Friday, wreaking havoc across companies that use the popular Log4j Java platform. Impacted firms included Amazon, Apple, Steam ...